author | Rafael França <rafaelmfranca@gmail.com> | 2017-07-10 17:24:31 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-10 17:24:31 -0400 |
commit | 48cb8b3e7097e9a1cb45b2298f59b9179f0dbdee (patch) | |
tree | 3829cb73ad09675ba74fa4443d320c8fd3c4384c /actionpack/lib/action_controller | |
parent | 3fa66935fd65e2d834dcc743bd835afb5b875f7f (diff) | |
parent | 73b944eca721be750e1263c15d221f153d1396d0 (diff) | |
Merge pull request #29742 from lugray/default_protect_from_forgery
Default protect from forgery
Diffstat (limited to 'actionpack/lib/action_controller')
-rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 13 | ||||
-rw-r--r-- | actionpack/lib/action_controller/railtie.rb | 8 |
2 files changed, 21 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 4468cbb2fc..027dae60fa 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -85,6 +85,10 @@ module ActionController #:nodoc:
 config_accessor :per_form_csrf_tokens
 self.per_form_csrf_tokens = false
+ # Controls whether forgery protection is enabled by default.
+ config_accessor :default_protect_from_forgery
+ self.default_protect_from_forgery = false
+
 helper_method :form_authenticity_token
 helper_method :protect_against_forgery?
 end
@@ -128,6 +132,15 @@ module ActionController #:nodoc:
 append_after_action :verify_same_origin_request
 end
+ # Turn off request forgery protection. This is a wrapper for:
+ #
+ # skip_before_action :verify_authenticity_token
+ #
+ # See +skip_before_action+ for allowed options.
+ def skip_forgery_protection(options = {})
+ skip_before_action :verify_authenticity_token, options
+ end
+
 private
 def protection_method_class(name)
diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb
index 31db7518f1..1c1cd58732 100644
--- a/actionpack/lib/action_controller/railtie.rb
+++ b/actionpack/lib/action_controller/railtie.rb
@@ -69,5 +69,13 @@ module ActionController
 config.compile_methods! if config.respond_to?(:compile_methods!)
 end
 end
+
+ initializer "action_controller.request_forgery_protection" do |app|
+ ActiveSupport.on_load(:action_controller_base) do
+ if app.config.action_controller.default_protect_from_forgery
+ protect_from_forgery with: :exception
+ end
+ end
+ end
 end
 end
|
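Review bot: The one-line comment on `default_protect_from_forgery` (first hunk of request_forgery_protection.rb) does not say what reads the setting, and the accessor alone changes nothing. From the railtie hunk, the value is read once from `app.config.action_controller` while `ActionController::Base` loads, so assigning the class-level accessor after boot presumably has no effect on whether the `verify_authenticity_token` callback is installed. I would expand the comment to something like `# When true, the railtie calls protect_from_forgery with: :exception on ActionController::Base at load time. Defaults to false, so applications are unprotected unless they set it or call protect_from_forgery themselves.` The enclosing `included` block starts outside the hunk.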
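Review bot: `skip_forgery_protection` (second hunk of request_forgery_protection.rb) passes `options` straight to `skip_before_action`, which, as far as I recall for Rails 5, raises ArgumentError when the named callback was never defined. Since `default_protect_from_forgery` defaults to false, a controller that calls this helper in an application that never enabled protection would likely fail at class load. Defaulting the flag makes the helper safe in both configurations: `skip_before_action :verify_authenticity_token, options.reverse_merge(raise: false)`. The doc comment should also note that skipping is only appropriate for actions that do not authenticate through cookies or the session, and recommend scoping it with `only:` rather than disabling the check for a whole controller.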
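Review bot: The strategy in the new railtie initializer is fixed to `with: :exception` and nothing at the call site explains that choice or how to override it. Once the flag is on, every `ActionController::Base` descendant will presumably raise on unverified non-GET requests, including JSON endpoints that previously ran unprotected or expected `:null_session` behaviour. Classes that do not go through the `:action_controller_base` load hook are not covered at all. A comment above the initializer would make both points explicit, for example `# Installs protect_from_forgery with: :exception on ActionController::Base only; controllers that need another strategy must call protect_from_forgery themselves.` The enclosing Railtie class starts outside the hunk.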